BYOK — Bring Your Own Key
BYOK means you bring your own AI provider key. Decoder never proxies AI calls through a shared account: your key, your billing, your privacy boundary.
What it is
BYOK is a pattern in which the application accepts user-supplied API credentials for an external provider instead of operating a shared backend account.
Why it's useful
BYOK removes the shared-trust boundary, simplifies compliance, eliminates per-user rate-limit contention, and lets each user pick a model and cost ceiling.
How Decoder implements it
Keys are encrypted with AES-256-GCM before they are stored in the database, decrypted only inside the server function that issues the provider call, and never returned to the client. Per-provider metadata is surfaced through an admin-scoped view.
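The storage scheme described above, sketched as an added example (not Decoder's own code): AES-256-GCM through Node's built-in crypto module, with the user id and provider bound in as additional authenticated data so a ciphertext copied into another user's row fails to decrypt. The function names, row fields, AAD binding and master-key handling are assumptions; the page states only that keys are AES-256-GCM encrypted at rest and decrypted server-side.

```javascript
// Added example; not Decoder's source. All names here are hypothetical.
const crypto = require('node:crypto');

// Assumption: the 32-byte master key comes from a secret store, never the database.
// Constructed at random here so the example runs offline.
const MASTER_KEY = crypto.randomBytes(32);

// Additional authenticated data: ties a ciphertext to one user and one provider.
// JSON encoding avoids delimiter ambiguity between the two fields.
function bindingFor(userId, provider) {
  return Buffer.from(JSON.stringify([userId, provider]), 'utf8');
}

// Encrypt a provider key into the row shape that would be stored.
function sealCredential(masterKey, userId, provider, apiKey) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', masterKey, iv);
  cipher.setAAD(bindingFor(userId, provider));
  const ct = Buffer.concat([cipher.update(apiKey, 'utf8'), cipher.final()]);
  return {
    user_id: userId,
    provider,
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ciphertext: ct.toString('base64'),
  };
}

// Decrypt inside the server function only; throws if the row was altered or moved.
function openCredential(masterKey, row) {
  const decipher = crypto.createDecipheriv(
    'aes-256-gcm', masterKey, Buffer.from(row.iv, 'base64'),
    { authTagLength: 16 }); // reject truncated tags
  decipher.setAAD(bindingFor(row.user_id, row.provider));
  decipher.setAuthTag(Buffer.from(row.tag, 'base64'));
  const pt = Buffer.concat([
    decipher.update(Buffer.from(row.ciphertext, 'base64')),
    decipher.final(), // the tag is verified here
  ]);
  return pt.toString('utf8');
}

// Returns the key, or null when authentication fails.
function tryOpen(masterKey, row) {
  try { return openCredential(masterKey, row); } catch { return null; }
}
```

Because decryption authenticates the row's own `user_id` and `provider`, a database-level mix-up or a tampered row surfaces as a decryption failure rather than as another user's key being used.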
When to use it
Whenever you want AI features (explain, AI-origin verbalisation, repo chat). Required unless you run a local model.
When NOT to use it
If the user must never see a provider error: BYOK exposes provider rate-limits and 4xx responses directly.
Practical example
Settings → Add OpenRouter key → ciphertext lands in user_ai_credentials. Calling Explain pulls the key admin-side, hits OpenRouter, streams the result back. No other user can read or use the key.
Glossary
- BYOK: Bring Your Own Key — the user supplies their own provider credential.
- RLS: Row-Level Security — database-side policy that scopes rows to the authenticated user.
- AES-256-GCM: Authenticated symmetric encryption used to protect credentials at rest.
Related
Local AI lets you use Decoder's explain and chat features against a model running on your own hardware via Ollama or LM Studio — useful when code cannot leave your environment.
Ollama is a lightweight runtime for serving open-weight LLMs locally. Decoder talks to it through its OpenAI-compatible endpoint.
OpenRouter is a unified API in front of many model providers. With BYOK you get access to dozens of models in Decoder from a single key.
Repository Analysis turns a codebase into something you can read, search and interrogate. Upload a ZIP or import a public GitHub project; Decoder indexes structure, runs static checks and gates AI features behind your own key.
Chat with Your Code turns a repository into a queryable knowledge surface. Ask 'where is auth handled?' or 'what does this script do?' and get answers grounded in your actual files.
AI-Origin Detection estimates whether a code artefact was likely produced by an LLM, and explains why. The goal is informed review, not gatekeeping.
The EU AI Act (Regulation 2024/1689) sets obligations on providers and deployers of AI. For code analysis, transparency and data control are the levers that matter most.
GDPR governs personal data in the EU. Even code can carry personal data (logs, fixtures, PII in test files). Decoder's defaults minimise exposure.
LM Studio is a desktop app that runs LLMs locally with an OpenAI-compatible API. Decoder targets that endpoint when you choose local inference.
Anthropic's Claude family is a popular choice for code reasoning. Paste your Anthropic key in Settings and Decoder routes AI features through Claude.
OpenAI's GPT family powers many code-review workflows. Add your key in Settings and Decoder routes AI features directly through OpenAI.
Gemini brings large context windows and competitive pricing. Add your Google AI Studio key in Settings and Decoder routes AI features through Gemini.